<?php
//session_start();

// filename: upload.processor.php

// first let's set some variables

// make a note of the current working directory, relative to root.
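// Directory part of this script's URL path, always ending in '/'.
// SCRIPT_NAME is used instead of PHP_SELF because PHP_SELF also carries any
// client-supplied path info that follows the script name, and removing the
// basename with str_replace() strips every occurrence of that text from the
// path, not just the trailing file name.
$directory_self = rtrim(str_replace('\\', '/', dirname($_SERVER['SCRIPT_NAME'])), '/') . '/';

// Directory that will receive the uploaded files. It lives under the document
// root, so it is reachable over HTTP; the web server should be configured not
// to execute scripts from it.
$uploadsDirectory = $_SERVER['DOCUMENT_ROOT'] . $directory_self . '../Images/profilePictures/';

// HTTP_HOST is copied from the request's Host header. Accept it only when it
// is a plain host[:port]; anything else falls back to the configured server
// name so that a crafted header cannot end up inside the URLs built below.
$requestHost = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
if (!preg_match('/^[A-Za-z0-9.-]+(:[0-9]{1,5})?\z/', $requestHost)) {
    $requestHost = isset($_SERVER['SERVER_NAME']) ? $_SERVER['SERVER_NAME'] : 'localhost';
}

// Location of the upload form, in case an error has to send the client back.
$uploadForm = 'http://' . $requestHost . $directory_self . 'registerForm.php';

// Location of the success page.
$uploadSuccess = 'http://' . $requestHost . $directory_self . 'registerSuccess.php';

// Name of the file field in the HTML form.
$fieldname = 'file';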



// Now let's deal with the upload

// possible PHP upload errors
// Messages keyed by PHP's upload error code; the UPLOAD_ERR_* constants
// used as keys evaluate to 1 through 4.
$errors = array(
    UPLOAD_ERR_INI_SIZE  => 'php.ini max file size exceeded',
    UPLOAD_ERR_FORM_SIZE => 'html form max file size exceeded',
    UPLOAD_ERR_PARTIAL   => 'file upload was only partial',
    UPLOAD_ERR_NO_FILE   => 'no file was attached',
);

// check the upload form was actually submitted else print form
//isset($_POST['submit'])
//	or error('the upload form is needed', $uploadForm);

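// Handle the optional profile-picture upload.
//
// Everything in $_FILES[$fieldname] except 'tmp_name' and 'error' is supplied
// by the client. The original name is therefore never used as-is: it used to
// be concatenated straight into the target path (and later into the INSERT),
// which let the client choose the stored extension and add path separators.

$now = time();

// Values used when no picture ends up being stored.
$uploadFilename = '';
$imagename = '';
$imageURL = '';

// check for standard uploading errors
if (!isset($_FILES[$fieldname])) {
    $uploadError = UPLOAD_ERR_NO_FILE;
} elseif (!isset($_FILES[$fieldname]['error']) || !is_int($_FILES[$fieldname]['error'])) {
    // e.g. an array-style field (file[]): not something this script handles
    $uploadError = -1;
} else {
    $uploadError = $_FILES[$fieldname]['error'];
}

// UPLOAD_ERR_NO_FILE is treated as "register without a picture".
if ($uploadError !== UPLOAD_ERR_NO_FILE) {
    $tmpName = isset($_FILES[$fieldname]['tmp_name']) ? $_FILES[$fieldname]['tmp_name'] : '';

    // Image types accepted, mapped to the extension the stored file gets.
    $allowedTypes = array(
        IMAGETYPE_GIF  => 'gif',
        IMAGETYPE_JPEG => 'jpg',
        IMAGETYPE_PNG  => 'png',
    );
    $imageInfo = false;

    if ($uploadError !== UPLOAD_ERR_OK) {
        error(isset($errors[$uploadError]) ? $errors[$uploadError] : 'file upload failed', $uploadForm);
    } elseif (!is_uploaded_file($tmpName)) {
        // check that the file we are working on really was an HTTP upload
        error('not an HTTP upload', $uploadForm);
    } elseif (($imageInfo = getimagesize($tmpName)) === false || !isset($allowedTypes[$imageInfo[2]])) {
        // validation... this is an image upload script, so anything that is
        // not a recognised image type is refused
        error('only image uploads are allowed', $uploadForm);
    } else {
        // getimagesize() only inspects the file header and does not prove the
        // rest of the file is harmless. What keeps the stored file inert is
        // the name: the extension comes from the detected type and the base
        // name keeps no dots or separators.
        $baseName = preg_replace(
            '/[^A-Za-z0-9_-]+/',
            '_',
            pathinfo(basename($_FILES[$fieldname]['name']), PATHINFO_FILENAME)
        );
        $baseName = is_string($baseName) ? substr($baseName, 0, 64) : '';
        if (!is_string($baseName) || $baseName === '') {
            $baseName = 'image';
        }
        $imagename = $baseName . '.' . $allowedTypes[$imageInfo[2]];

        // make a unique filename for the uploaded file and check it is
        // not taken... if it is keep trying until we find a vacant one
        while (file_exists($uploadFilename = $uploadsDirectory . $now . '-' . $imagename)) {
            $now++;
        }
        $imageURL = $now . '-' . $imagename;

        // now let's move the file to its final location under the new filename
        if (!move_uploaded_file($tmpName, $uploadFilename)) {
            error('receiving directory insuffiecient permission', $uploadForm);
            // nothing was stored, so do not record a picture name
            $uploadFilename = '';
            $imageURL = '';
        }
    }
}

// Queue the redirect to the success page. There is deliberately no exit here:
// the registration code further down in this file still has to run.
header('Location: ../InsertUser/creationSuccess.php');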







// make an error handler which will be used if the upload fails

/**
 * Error handler meant to be used when the upload fails.
 *
 * NOTE(review): the body is empty. Calling it reports nothing, redirects
 * nowhere and does not stop the script, so callers written as
 * `something() or error(...)` simply carry on after a failure.
 *
 * @param string $error    description of the failure (currently unused)
 * @param string $location URL associated with the failure, presumably the
 *                         page to return to (currently unused)
 * @param int    $seconds  presumably a redirect delay, default 5 (currently unused)
 * @return void
 */
function error($error, $location, $seconds = 5)
{
}


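// Registration: look up the requested username, store the new user and send
// the activation mail.
//
// NOTE(review): the mysql_* extension used here was removed in PHP 7. Moving
// to PDO or mysqli with prepared statements would replace all of the manual
// escaping below, but needs databaseConnect.php to change as well.

// Presumably opens the connection used by the mysql_* calls below. Nothing
// after this line can work without it, so a missing file is fatal.
require '../phpFunctions/databaseConnect.php';

// Read every free-text field once. $rawFields keeps the submitted text (for
// URLs and the mail), $sqlFields the same text escaped for use in SQL.
// mysql_real_escape_string() is only reliable when the connection character
// set was set with mysql_set_charset() - confirm in databaseConnect.php.
$textFields = array(
    'användarnamn', 'email', 'fornamn', 'efternamn', 'postnummer',
    'adress', 'stad', 'lan', 'telefonnummer',
);
$rawFields = array();
$sqlFields = array();
foreach ($textFields as $field) {
    $value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
    $rawFields[$field] = stripslashes($value);
    $sqlFields[$field] = mysql_real_escape_string($rawFields[$field]);
}

$anvandarnamn  = $sqlFields['användarnamn'];
$email         = $sqlFields['email'];
$fornamn       = $sqlFields['fornamn'];
$efternamn     = $sqlFields['efternamn'];
$postnummer    = $sqlFields['postnummer'];
$adress        = $sqlFields['adress'];
$stad          = $sqlFields['stad'];
$lan           = $sqlFields['lan'];
$telefonnummer = $sqlFields['telefonnummer'];

// Is the username already taken?
$user_id = null;
$result = mysql_query("select user_id from users where username ='$anvandarnamn'");
if ($result !== false) {
    while ($row = mysql_fetch_assoc($result)) {
        $user_id = $row["user_id"];
    }
}

// Determine if the user wants to share his contact information.
// The values were bare words (on / no / yes), i.e. undefined constants; they
// are now quoted strings. A ticked box ('on') is stored as 'no', as before.
$showPhone = (isset($_POST['showPhone']) && $_POST['showPhone'] === 'on') ? 'no' : 'yes';
$showMail  = (isset($_POST['showMail']) && $_POST['showMail'] === 'on') ? 'no' : 'yes';

// Username taken: send the client back to the form and stop. Without the
// exit the script used to carry on and insert the duplicate user anyway.
// The query-string values are URL-encoded because they come from the client.
// NOTE(review): a picture uploaded earlier in this request stays on disk.
$upptaget = '../InsertUser/registerForm.php?uppt=1'
    . '&mail=' . rawurlencode($rawFields['email'])
    . '&lan=' . rawurlencode($rawFields['lan'])
    . '&bild=' . rawurlencode($fieldname);
if ($user_id !== null) {
    header('Location: ' . $upptaget);
    exit;
}

// Hash the password and keep only the first 75 of the 128 hex characters.
// NOTE(review): whirlpool is a fast, unsalted hash and is not suited to
// password storage. password_hash()/password_verify() is the replacement, but
// it changes the stored format, so the login code has to change with it.
$losenordInput = (isset($_POST['losenord']) && is_string($_POST['losenord'])) ? $_POST['losenord'] : '';
$losenord = substr(hash('whirlpool', $losenordInput), 0, 75);

// NOTE(review): the confirmation is hashed but never compared with $losenord,
// so a mistyped confirmation is accepted. An empty password is accepted too.
$losenordcheckInput = (isset($_POST['losenordcheck']) && is_string($_POST['losenordcheck']))
    ? $_POST['losenordcheck']
    : '';
$losenordcheck = substr(hash('whirlpool', $losenordcheckInput), 0, 75);

if (!isset($imageURL)) {
    $imageURL = "";
}

// Activation key: use a CSPRNG where one is available. mt_rand() followed by
// the e-mail address is predictable to anyone who knows the address.
// Assumes the activation key column holds at least 32 characters - confirm.
if (function_exists('random_bytes')) {
    $activationkey = bin2hex(random_bytes(16));
} elseif (function_exists('openssl_random_pseudo_bytes')) {
    $activationkey = bin2hex(openssl_random_pseudo_bytes(16));
} else {
    // legacy fallback, kept only so registration still works without a CSPRNG
    $activationkey = mt_rand() . $rawFields['email'];
}

// $imageURL and $activationkey are escaped as well: both can contain
// client-supplied text (the uploaded file's name, the e-mail address).
$imageURLSql = mysql_real_escape_string($imageURL);
$activationkeySql = mysql_real_escape_string($activationkey);

$query = "INSERT INTO users VALUES ('0','$email','$showMail','$fornamn','$efternamn','$anvandarnamn',"
    . "'$adress','$stad','$postnummer','$lan','$telefonnummer','$showPhone','$losenord',"
    . "'$imageURLSql','$activationkeySql','unconfirmed')";
$inserted = mysql_query($query);
if ($inserted === false) {
    error_log('user insert failed: ' . mysql_error());
}

mysql_close();

// Send the activation mail only when the row was stored and the address is
// well-formed; the recipient is the submitted address, not the SQL-escaped one.
// NOTE(review): an invalid address is still inserted above; rejecting it
// before the INSERT would be better once the form has a way to report it.
$to = $rawFields['email'];

if (!isset($subject)) {
    // $subject was never assigned in this file
    $subject = 'Aktivera ditt konto';
}

// Values placed in the activation link are URL-encoded.
// NOTE(review): the link points at localhost, which only works on the
// development machine.
$greetingName = $rawFields['användarnamn'];
$activationParam = rawurlencode($activationkey);
$userParam = rawurlencode($rawFields['användarnamn']);

$message = "Hej $greetingName! Välkommen till dinkonst.se \r\rKlicka på länken nedan för att aktivera ditt konto\r\r\r\r

http://localhost/ITSYS2011_PROJEKT/minkonst/Insertuser/activate.php?check=$activationParam&user=$userParam\r\r
\r\r

Hälsningar, dinkonst.se";

// The X-Mailer header was dropped: it told every recipient the PHP version.
$headers = 'From: dinkonst@info.se' . "\r\n" .
    'Reply-To: webmaster@example.com';

if ($inserted !== false && filter_var($to, FILTER_VALIDATE_EMAIL) !== false) {
    mail($to, $subject, $message, $headers);
}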





?>